55f6a88dc02579e8f6f191ee9ec91f66067b5d362434877cfbc325e4bf23aef1

Analysis

max time kernel
149s
max time network
141s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
24-04-2023 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download.html
Size

4B
MD5

0b497b33b1a05057bc1634e607170bf6
SHA1

149ecfc76f45c53fadcc1843df6755d4ae25aa2a
SHA256

55f6a88dc02579e8f6f191ee9ec91f66067b5d362434877cfbc325e4bf23aef1
SHA512

d5e5ddf7a6ac7001680d2387a05f2d7006281d693d41165be9f6bb4e1db717b6532b27e40fac8db35733e31f80e442a745033fdd1b4a2f07f1daa5e4d75b1242

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133268525535625988"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe
4396	chrome.exe
4396	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2128	2016	chrome.exe	66
PID 2016 wrote to memory of 2128	2016	chrome.exe	66
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 5076	2016	chrome.exe	69
PID 2016 wrote to memory of 4312	2016	chrome.exe	68
PID 2016 wrote to memory of 4312	2016	chrome.exe	68
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70
PID 2016 wrote to memory of 4144	2016	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\download.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaa4529758,0x7ffaa4529768,0x7ffaa4529778
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1724,i,3928148113508823840,4163684605803825937,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1724,i,3928148113508823840,4163684605803825937,131072 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1724,i,3928148113508823840,4163684605803825937,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1724,i,3928148113508823840,4163684605803825937,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1724,i,3928148113508823840,4163684605803825937,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1724,i,3928148113508823840,4163684605803825937,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1724,i,3928148113508823840,4163684605803825937,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2420 --field-trial-handle=1724,i,3928148113508823840,4163684605803825937,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1564

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ca0cab9072f19adee5612953360a147c

SHA1
cd03268727357e49815ea4d3c371592bacec5323

SHA256
7fafa349143e3e2e8ee590911b1889a8d605460425766bc757be6664200e9f18

SHA512
0ebadfb115b7a3dc5086dd57eb8b79d6a294a0d37de64644662fa03017443bee20f2784a62853aab71eac65bce0157f0fde566d409d533fa2bfbbb7e5189a0f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6cea3ca3146b803bbcbab161cc1747ce

SHA1
0731575d8d725e8ad989f2cd4f07b3d89d6ed85d

SHA256
59af6e100006de4fb68eea01cdc7bdd366258d252230a2b1c5584bd25b165f2b

SHA512
6f20b126119ebd2be36547ca8322e93c069b62907320e228c57f54904225907736c505badb9598c25eb9f7b5f65a935668d1dfb18f54b780888e7e988ffce8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
926acd9d63c4f468eddc92010071bac7

SHA1
8e82b943143ecd1d418223231cc753f6ceb36102

SHA256
608a815c2b84efa77649a8983cdd0be08f0066db73573f0c29b4a45563cc8856

SHA512
a34c4bcfdc963302a4d57daca3c8ece7d339e32a2199bf29b425cbeef84e0fd54f6b2744d7c03fd4fb6d017d056dc18ce232ea960f54590b79dbe3b2c039bfbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
45a9c09b3a0282034f5dc5b945b34934

SHA1
b7e021caf30538adde4a97a60d71238f0ae4d857

SHA256
660d8e377d7910acf9b937809da946512e26f34ccc6da796f02e65f473789e36

SHA512
d8d29401cd2a53b0e3d487945c3989ee1d22af6be2a753810ba66555d0339775f5eda407683cf6d1e416d91010340f39c4391b6be217e917adda02fbf41571f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit